Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Lorien_the_first_one writes "The Register reports that "A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews."

The article points out that several areas of the kernel, in particular, the function "setuid", are involved in this new exploit. "The exploit code was released Friday by Brad Spengler of grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses."

What I find interesting about the article is that although it focuses on newer versions of the kernel, near the end of the article, they offer the following food for thought: "Setuid is well-known as a chronic security hole," Rob Graham, CEO of Errata Security wrote in an email. "Torvalds is right, it's not a kernel issue, but it is a design 'flaw' that is inherited from Unix. There is no easy solution to the problem, though, so it's going to be with us for many years to come."